VoIPshield: Three Microsoft’s (News - Alert) VoIP, UC Products Are Susceptible to Attack
A Canada-based VoIP security solutions company is reporting that it’s detected vulnerabilities in three Microsoft products that deliver VoIP, presence, instant messaging and audio-video-Web conferencing functionality.
Officials at VoIPshield Laboratories – the research division of Ottawa’s VoIPshield Systems Inc. – say that Office Communications Server 2007, Office Communicator and Windows Live Messenger, applications that use media stream protocols such as RTP, or “Real-time Transport Protocol,” are susceptible. RTP is a popular standardized packet format for delivering audio and instant messaging over the Internet.
According to Andriy Markov, director of VoIPshield Labs, the flaws exist in other VoIP vendors’ products.
“And many other media stream attacks exist that have more severe implications than service availability,” Markov said. “We’re presently validating new research that shows an attacker can gain unauthorized access to an unsuspecting user’s laptop by manipulating the packets of a VoIP phone call. We believe that these attacks can even be made to traverse a PSTN gateway.”
Microsoft officials responded by saying that it’s investigating claims of the vulnerabilities but that its unaware of any attacks or customer impact.
Christopher Budd, security response communications lead for Microsoft, told TMCnet that the company is taking steps to determine how customers can protect themselves in case Microsoft confirms the vulnerability.
“Once we’re done investigating, we will take appropriate action to help protect customers,” Budd said. “This may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves.”
If exploited, VoIPshield officials say, the vulnerabilities could cause a so-called “denial of service” condition against both the specific Microsoft applications and entire desktop environment.
Here’s a screen shot from VoIPshield’s Web site that provides some basic information on how the company rates the Microsoft applications’ vulnerabilities, as well as some other programs:
According to Ken Kousky - chief executive officer of CISSP certification training company IP3 Inc. and advisor to the VoIP Lab at Illinois Institute of Technology, most of the attention in enterprise VoIP and unified communications security has been paid to the control channel, where SIP and other signaling protocols are used.
“Until now, the media stream has been largely ignored by the security community as a source of malicious activity,” Kousky said. “But attacks from these vectors have the potential to be dangerously persistent and widespread.”
Part of the problem, according to VoIPshield President and Chief Executive Officer Rick Dalmazzi, is that VoIP and UC represent new technologies and paradigms in the way information is communicated and consumed.
“The result is brand new vectors of attack against the entire corporate IT infrastructure. Companies must start now to educate themselves in this new area of security,” Dalmazzi said. “VoIPshield has been working exclusively in VoIP and UC security since 2004 and has compiled a number of assessment and protection techniques and products for enterprise networks.”
Microsoft officials said that in order to minimize risk to computer users, the company encourages responsible disclosure.
“By reporting vulnerabilities directly to a vendor, it helps ensure that customers receive comprehensive, high-quality updates while reducing the risk of attack,” Budd said.
Company officials say that anyone believed to have been affected can visit this site and should contact the national law enforcement agency in their country.
“Those in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at 1-866-PCSAFETY,” Budd said. “Additionally, customers in the United States should contact their local FBI office or report their situation at www.ic3.gov. Microsoft continues to encourage customers to follow the ‘Protect Your Computer’ guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at www.microsoft.com/protect.”
Don’t forget to check out TMCnet’s White Paper Library, which provides a selection of in-depth information on relevant topics affecting the IP Communications industry. The library offers white papers, case studies and other documents which are free to registered users.